Hacked! Is Your WordPress Blog Vulnerable to Attack?

In September of 2009, many users of the website builder WordPress pulled up their blogs to find a horrible sight:  it wasn’t there.  Due to vulnerabilities in WordPress, their blogs had been hacked, dismantled, and in some cases permanently damaged.  Imagine losing all of your data.  Your layout and theme.  Your advertisements.  And, worst of all, your revenue for the period of time it takes you to get everything working again.

If you value your WordPress site, here are some ways to protect your blog, and thus, your money:

Protect Your Login


There are a couple of things you can do right off the bat to make your WordPress blog less vulnerable to attack.  Install the “Chap Secure Login” plug-in to encrypt your login and prevent the bad guys from sniffing it out of a public network.  Additionally, install a plug-in like “Login Lockdown” that will track login attempts from different IPs; this will prevent third parties from brute-forcing your password.

All WordPress blogs have “admin” as the default username, which is a glaring security hole in every site built with WordPress.  Create a new user account and assign that user the role of administrator.  Log in with that account, then delete the old “admin” account (make sure to click “attribute all posts and links to” first!).  This will close the backdoor on your blog.

Be sure to use a great password too!  We recommend one or two capital letters, at least one number, and a symbol such as an exclamation point or percent sign.  And stay away from common password subjects like pet names or birthdays – people can usually figure these out.

Protect Your Content


Even if you’re certain you have the most secure WordPress blog on the planet, there’s always a chance of unauthorized access.  Install the “WP Database Backup” plug-in and make sure it backs up all of your data often, just in case. Then protect your plug-ins from prying eyes by creating a regular text file named “index.html” and uploading it to your “/wp-content/plugins” folder.  This will prevent people from seeing the plug-ins your blog is currently running and attempting to exploit any security vulnerabilities they may have.
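To check the index-file step above on a copy of your site, here is an added example (not part of the original article) that reports folders under `wp-content/plugins` with no index file and drops an empty `index.html` into them. It goes one step further than the text by also checking each plugin's own folder; the function names, the `INDEX_NAMES` list and the sample plugin folders are assumptions made for the illustration.

```python
import os
import tempfile

# Assumed list of file names a web server serves as a directory index.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}


def find_unprotected_dirs(wp_root, subdir="wp-content/plugins", max_depth=1):
    """Return directories under wp_root/subdir that contain no index file.

    max_depth=0 checks only the folder itself (the step described above);
    max_depth=1 also checks each plugin's own folder.
    """
    base = os.path.join(wp_root, *subdir.split("/"))
    missing = []
    for current, dirs, files in os.walk(base):
        depth = 0 if current == base else os.path.relpath(current, base).count(os.sep) + 1
        if depth >= max_depth:
            dirs[:] = []  # do not descend any further
        if not INDEX_NAMES & {name.lower() for name in files}:
            missing.append(os.path.relpath(current, wp_root).replace(os.sep, "/"))
    return sorted(missing)


def add_placeholders(wp_root, rel_dirs):
    """Create an empty index.html in each listed directory; never overwrites."""
    created = []
    for rel in rel_dirs:
        path = os.path.join(wp_root, *rel.split("/"), "index.html")
        if not os.path.exists(path):
            open(path, "w").close()
            created.append(rel + "/index.html")
    return created


def demo():
    """Build a constructed sample tree, audit it, fix it, and audit again."""
    with tempfile.TemporaryDirectory() as root:
        plugins = os.path.join(root, "wp-content", "plugins")
        os.makedirs(os.path.join(plugins, "sample-plugin-a"))
        os.makedirs(os.path.join(plugins, "sample-plugin-b"))
        open(os.path.join(plugins, "sample-plugin-b", "index.php"), "w").close()
        before = find_unprotected_dirs(root)
        created = add_placeholders(root, before)
        return before, created, find_unprotected_dirs(root)


if __name__ == "__main__":
    print(demo())
```

An index file only hides the listing of the folder it sits in, which is why the default `max_depth=1` also reports individual plugin folders.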

Also, it is imperative that you put the lockdown on your admin folder.  This folder contains tons of important information and can cause a great deal of trouble for your blog if compromised.  The “AskApache Password Protect” plug-in will allow you to password protect the folder and keep unwanted guests where they belong (out).

While nothing that exists on the internet is 100% safe, it is far easier to prevent someone from hacking your WordPress blog than it is to clean up the mess a hacker leaves behind.  Follow safe browsing practices, use great security plugins, and regularly scan your computer for viruses, trojans, and other malware to ensure you are not potentially giving up all of your personal information to a keylogger.  Your WordPress blog is a valuable asset, so be sure to treat it like one!


About the Author

Tom Harris

Tom Harris was writing about WordPress before WordPress existed, forever seeking the ultimate tool to explode online business. Tom has been on the net since its inception at universities and has been a proponent of “user friendly” technology all his life. He now covers the intersection of business and technology from the gulf coast of Louisiana. Previously, Harris was the tech reporter for several local daily newspapers in New York state, Pittsburgh and London. He is an avid fan of technology and its effect on society, business and politics around the world.